Key takeaways:
- Trezor announced that it had discovered a security vulnerability that resulted in the exposure of over 66,000 customers’ contact details.
- The firm claimed to have notified all 66,000 contacts about the problem via email.
Trezor, a producer of hardware wallets, announced on January 20 that it had discovered a security vulnerability that resulted in the exposure of over 66,000 customers’ contact details.
On January 17, Trezor discovered unauthorized access to a third-party support portal. According to the business, users who have communicated with Trezor’s support staff since December 2021 may have had their data obtained during the incident.
Despite the lack of confirmation, Trezor stated that they believe it is their duty to alert the impacted users to the potential that their contact information may have been compromised and that they may be targets of a phishing attempt. The firm claimed to have notified all 66,000 contacts about the problem via email. They included the following as well:
“We want to stress that none of our users’ funds have been compromised through this incident. Your Trezor device remains as secure today, as it was yesterday.”
The attacker sent direct emails to at least 41 users, asking for private information on their recovery seeds. In addition, the contact information of eight users who registered on the trial discussion platform of a third-party vendor was also exposed.
Phishing is a kind of cybercrime in which perpetrators pose as reputable organizations in order to trick victims into divulging personal information. Phishing is a common technique used to acquire sensitive information, including credit card numbers, login passwords, and other private data.
Trezor claims that as a result of the event, no recovery seed phrases have been made public. Additionally, the company says that within an hour of the event, consumers who received emails were notified. The business stated:
“The potential exposure of email addresses might be harmful in the fact that the emails can be subject to phishing attempts. As of now, we have not observed any spike in phishing activity as a result of this security incident.”
Trezor is a well-known producer of hardware wallets for cryptocurrencies that specializes in cold storage for digital assets. Nonetheless, the business has seen a number of security lapses over time.
It alerted users in March to a phishing attempt that sought to steal investors’ money by posing as a Trezor website and requesting the recovery password from the wallet. In another incident, users’ private keys were compromised by con artists peddling phony Trezor devices.
Recently, the team said on social media that Socket had been infiltrated and that contracts pertaining to it had been stolen for $3.3 million. The group declared that all damage had been fully repaired, and the platform was operational again.
